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(57) A key update system uses information in an update message from a communications system to generate a new key 
and perform a bidirectional validation of the new key. After a unit validates the new key, at least a portion of 
information from the update message is used by the communications system to validate the new key. As a result, the 
communications system is not required to generate and transmit a separate authentication challenge to validate the new 
key. For example, a wireless communications system can send an update message with a sequence RANDSSD to the 
wireless unit The wireless unit generates a new SSD using at least a portion of the sequence RANDSSD, and the 
wireless unit uses at least a portion of the new SSD to generate a signature value AUTHBS to validate the new key and 
thereby the home authentication center that initiated the update of the SSD, After the wireless unit validates the new 
key by comparing the AUTHBS generated by the wireless unit with an AUTHBS generated by the wireless 
communications system, the wireless unit uses at least a portion of the sequence RANDSSD and at least a portion of 
the new SSD to generate the validation value AUTHSSD. The validation value AUTHSSD can be sent to the wireless 
communications system along with a confirmation signal indicating the wireless unit has validated the new key. The 
wireless communications system can validate the new SSD by comparing the validation value AUTHSSD received 
from the wireless unit with a validation value generated in the same fashion by me wireless communications system. 
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METHOD AND APPARATUS FOR PERFORMING A KEY UPDATE USING 
BIDIRECTIONAL VALIDATION 

Abstract of the Disclosure 

5 A key update system uses information in an update message from a 

communications system to generate a new key and perform a bidirectional validation 
of the new key. After a unit validates the new key, at least a portion of information 
from the update message is used by the communications system to validate the new 
key. As a result, the communications system is not required to generate and transmit 

1 o a separate authentication challenge to validate the new key. For example, a wireless 
communications system can send an update message with a sequence RANDSSD to 
the wireless unit. The wireless unit generates a new SSD using at least a portion of 
the sequence RANDSSD, and the wireless unit uses at least a portion of the new SSD 
to generate a signature value AUTHBS to validate the new key and thereby the home 

15 authentication center that initiated the update of the SSD. After the wireless unit 

validates the new key by comparing the AUTHBS generated by the wireless unit with 
an AUTHBS generated by the wireless communications system, the wireless unit uses 
at least a portion of the sequence RANDSSD and at least a portion of the new SSD to 
generate the validation value AUTHSSD. The validation value AUTHSSD can be 

20 sent to the wireless communications system along with a confirmation signal 

indicating the wireless unit has validated the new key. The wireless communications 
system can validate the new SSD by comparing the validation value AUTHSSD 
received from the wireless unit with a validation value generated in the same fashion 
by the wireless communications system. 

25 
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METHOD AND APPARATUS FOR PERFORMING A KEY UPDATE USING 
BIDIRECTIONAL VALIDATION 

Background Of the Invention 
5 L Field of The Invention 

The present invention relates to communications; mote specifically, the 
updating of keys or other information used by communicating parties. 
2. Description of Related Art 

A typical wireless communications system provides wireless communications 

10 services to a geographic region. When a wireless unit attempts communications with 
the wireless communications system, the wireless communications system 
authenticates or verifies the wireless unit's identity before allowing the wireless unit 
access to the wireless communication system. To do so in a typical wireless 
communications system, both the wireless unit and the wireless communications 

15 system have a secret value called A-KEY. The wireless communications system uses 
the A-KEY and a randomly generated sequence RANDSSD to generate a shared 
secret data value (SSD). The SSD can be divided into SSD-A (Shared Secret Data A) 
and SSD-B (Shared Secret Data B) values. The SSD-A value is used for 
authentication procedures, and the SSD-B value is used for key generation and 

20 encryption procedures* The wireless communications system transmits the 

RANDSSD to die wireless unit The wireless unit then calculates SSD in the same 
fashion as calculated by the wireless communications system. 

Before accepting new SSD values to be used in authentication and encryption 
procedures, the wireless unit validates the new SSD values. To do so, the wireless 

25 unit generates a random challenge RANDBS to generates a validation signature value 
AUTHBS. The wireless unit also sends the RANDBS to the wireless 
communications system, and the wireless communications system derives AUTHBS 
in the same fashion using RANDBS from the wireless unit The wireless 
communications system sends the AUTHBS value to the wireless unit, and the 
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wireless unit compares the AUTHBS value generated at the wireless unit with the ' 
AUTHBS value sent from the system* If the comparison is successful, the SSD 
update is successful. 

After the SSD update, the wireless communications system typically 
$ authenticates the wireless unit to ensure that the wireless unit has properly calculated 
the SSD. The wireless communications system generates a sequence, such as a 
random challenge RANDU, and sends the sequence RANDU to the wireless unit 
which uses RANDU and SSD-A to generate an authentication signature value 
AUTHU* The wireless communications system generates the authentication signature 

10 value AUTHU in the same fashion. The wireless unit then transmits the value 

AUTHU calculated by the wireless unit to the wireless communications system* The 
wireless communications system compares the value AUTHU calculated by the 
system and the AUTHU value received from the wireless unit. If the values match, 
the wireless unit is authenticated. 

15 The above-described SSD update and authentication of the wireless unit 

requires that the wireless unit confirm the validity of the SSD update followed by the 
system performing a separate authentication of the wireless unit to ensure the validity 
of the SSD update from the perspective of the wireless unit and the wireless 
communications system. As a result, the wireless unit confirms that the SSD update 

20 is successful before the authentication of the wireless unit can be initiated. After the 
wireless unit confirms the SSD update, the system performs a separate authentication 
requiring die system to generate additional information, such as a random challenge 
RANDU, and to send the random challenge to the wireless unit. The wireless unit 
must then respond by sending to the system the authentication signature value 

25 AUTHU derived using RANDU. 

Summary of the Invention 

The present invention provides a key update system which uses information in 
an update message from a communications system to generate a new key and perform 
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a bidirectional validation of tbc new key* After a unit validates the new key, at least a 
portion of information from the update message is used by the communications 
system to validate the new key. As a result, the communications system is not 
required to generate and transmit a separate authentication challenge to validate the 

5 new key. For example, a wireless communications system can send an update 

message with a sequence RANDSSD to the wireless unit. The wireless unit generates 
a new SSD using at least a portion of the sequence RANDSSD, and the wireless unit 
uses at least a portion of die new SSD to generate a signature value AUTHBS to 
validate the new key and thereby the home authentication center that initiated the 

10 update of the SSD. After the wireless unit validates the new key by comparing the 
AUTHBS generated by the wireless unit with an AUTHBS generated by the wireless 
communications system* the wireless unit uses at least a portion of the sequence 
RANDSSD and at least a portion of the new SSD to generate the validation value 
AUTHSSD. The validation value AUTHSSD can be sent to the wireless 

15 communications system along with a confirmation signal indicating the wireless unit 
has validated the new key. The wireless communications system can validate the new 
SSD by comparing the validation value AUTHSSD received from the wireless unit 
with a validation value generated in the same fashion by the wireless communications 
system. 

20 

Brief Description of the Drawings 

Other aspects and advantages of the present invention may become apparent 
upon reading the following detailed description and upon reference to the drawings La 
which: 

25 FIG. 1 shows a general diagram of a wireless communications system in 

which the key update and bidirectional validation system according to the principles 
of the present invention can be used; 
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FIGS. 2a and 2b illustrate the sharing of a key with a visitor location register 
by the home location register and the authentication process in a typical network, such 
as an IS-41 compliant network; 

FIG. 3 illustrates a key update and separate authentication procedure used 
5 between a wireless unit and a wireless communication system based on IS-95B; and 

FIG* 4 illustrates a method for performing a key update with bidirectional 
validation according to the principles of the present invention. 

Detailed Description 

to FIG. 1 depicts a portion of a typical wireless communications system 5 which 

provides wireless communications services through a base station 10 to a geographic 
region 12. such as a cell or sector, associated with the base station 10. When a 
wireless unit 14 within the cell 12 first registers or attempts communications with the 
base station 10, the base station 10 authenticates or verifies the wireless unit's identity 

1 5 before allowing the wireless unit 1 4 access to the wireless communication system. 
The home network for the wireless unit 14 can be a collection of cells making up a 
cellular geographic service area where the wireless unit 14 resides and is typically the 
network controlled by the service provider that has contracted with the wireless unit's 
owner to provide wireless communication services. When wireless unit 14 is in a 

20 network other than its home network, it is referred to as being in a visiting 
communication network- If the wireless unit 14 is operating in the visiting 
communication network, the authentication of the wireless unit by base station 10 will 
involve communicating with a home authentication center 16 of the wireless unit's 
home network. 

25 In the example of FIG. 1, the wireless unit 14 is in a visiting communications 

network. As a result, the authentication of the wireless unit 14 involves 
communicating with the home authentication center 16 of the wireless unit's home 
network. When the wireless unit 14 attempts to access the visiting communications 
network, base station 10 communicates with a visiting authentication center 1 8 of the 
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visiting communication network. The visiting authentication center 1 8 determines 
from a wireless unit or terminal identifier, such as the telephone number of wireless 
unit 14, that the wireless unit 14 is registered with a network that uses home 
authentication center 16. Visiting authentication center 13 then communicates with 

5 home authentication center 1 6 over a network, such as a signaling network 20 under 
the standard identified as TIA/EIA-41-D entitled "Cellular Radiotetecommunications 
Intersystem Operations," December 1997 ("IS-41")- Home authentication center 16 
then accesses a home location register (HLR) 22 which has a registration entry for 
wireless unit 14. Home location register 22 may be associated with the wireless unit 

10 by an identifier such as the wireless unit's telephone number. The information 
contained in the home location register 22 is used to generate authentication and 
encryption keys, such as a shared secret data (SSD) key, and other information that is 
then supplied to a visitor location register (VLR) 24 of the visiting authentication 
center 18. The information from the visitor location register 24 is then used to supply 

15 base station 10 with information, such as a random number challenge, that is 

transmitted to wireless unit 14 so that wireless unit 14 can respond and thereby be 
authenticated as a wireless unit that is entitled to receive communication services, 

FIGs. 2A and 2Bshow how a wireless unit 14 is authenticated within a 
visiting network which is compatible with the IS-41 signaling standard. Both the 

20 wireless unit 14 and the home location register 22 contain a secret value called A- 
KEY. When the wireless unit 14 requests access to a visiting network, the visiting 
network authentication center 1 8 (FIG. 1 ) requests data from the home authentication 
center 16 (FIG. 1). The home location register 22 associated with the wireless unit 14 
is located using an identifier, such as the wireless unit's telephone number. The home 

25 location register 22 for the wireless unit 14 stores the A-KEY which is used to 
generate a shared secret data value (SSD) that will be transmitted to the visitor 
location register 24. The SSD can be calculated by performing a CAVE algorithm 
using a random number RANDSSD as an input and the A-KEY as a key input The 
CAVE algorithm is well known in the art and is specified in the IS-41 standard. The 
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SSD can be divided into SSD-A (Shared Secret Data A) and SSD-B (Shared Secret 
Data B) values. The SSD-A value is used for authentication procedures, and the 
SSD-B value is used for key generation and encryption procedures. The home 
authentication center 16 transfers the values SSD- A, SSD-B and RANDSSD to the 

5 visitor location register 24 of the visiting network. As will be discussed below, the 
visiting network updates the SSD that will be used by the wireless unit 14 by 
transmitting RANDSSD to the wireless unit. The wireless unit 14 then calculates 
SSD in the same fashion as calculated by the home authentication center 16 as shown 
by the equation SSD-A, SSD-B - CAVE A4UiY (RANDSSD). After both the wireless 

] a unit and the visiting location register 24 have the keys SSD-A and SSD-B and the 
update procedure is completed as described below, the wireless unit 14 can be 
authenticated by the visiting network. 

FIG. 2B illustrates how a wireless unit is authenticated within a visiting 
network after both the wireless unit and visiting location register have updated the 

15 values SSD-A and SSD-B, which can be referred to as shared keys. The visiting 

authentication center 18 (FIG* 1) challenges the wireless unit 14 by sending a random 
number challenge RAND to the wireless unit. At this point both the wireless unit and 
visiting authentication center calculate the value AUTHR where AUTHR is equal to 
the output of a cryptographic function, such as the CAVE algorithm, using the . 

20 random number RAND and the SSD-A value as inputs as shown by AUTHR = 

CAVE ssd-a (RAND). The wireless unit then transmits the calculated value AUTHR 
to the visiting authentication center 18 (FIG. 1). The visiting authentication center 18 
compares its calculated value of AUTHR and the value received from the wireless * 
unit 14. If the values match, the wireless unit 14 is authenticated and it is given 

23 access to the visiting network. 

In addition, both the wireless unit 14 and the visiting authentication center 18 
calculate the value of cipher key where the value Kc is equal to the output of the 
CAVE algorithm using the value SSD-B as the key input and additional information, 
such as RAND, as an input as shown by = CAVE ^d* (RAND)* At this point, 
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communications between the wireless unit and the visiting network are permitted and 
may be encrypted using a cryptographic function where the inputs are the message to 
be encrypted and the key Kq . The cryptographic functions are specified for code 
division multiple access (CDMA), time division multiple access (TDMA) and global 

5 system mobile (GSM) systems by their respective standards. It should be noted that 
with regard to IS-41, communications between the visiting authentication center 1 8 
and the home authentication center 1 6 are typically carried out each time the wireless 
unit 14 registers with the visiting network as opposed to each time a call is made to 
the wireless unit 14. It is also possible to carry out the same procedures when the 

10 wireless unit is in the home network. In this case, the home authentication center, 
rather than the visiting authentication center, communicates with the wireless unit 
The communications between the wireless unit and the authentication center in the 
wireless communications systems pass through a wireless base station. 

If the home authentication center 1 6 determines that the key value SSD needs 

15 to be updated, for example because certain criteria indicate thai the SSD may be 
compromised, the SSD value associated with the wireless unit 14 can be updated 
FIG. 3 shows the SSD update procedure followed by the standard identified as 
TIA/EIA-95-B entitled "Mobile Station-Base Station Compatibility Standard for 
Dual-Mode Spread Spectrum Systems" ("IS-95B") between the wireless unit and die 

20 wireless communications system. The wireless communications system can include 
the serving base station, the visiting authentication center, the visitor location register, 
the home authentication center and/or the home location register. The SSD update 
procedure provides both the wireless unit and the wireless communications system 
with updated keys (SSD-A and SSD-B) that will be used for encryption and 

25 authentication. 

To set the value SSD, the home authentication center creates a RANDSSD 
sequence. Using the RANDSSD sequence, the A-key and the ESN of the wireless 
unit as inputs to a cryptographic function, such as a SSD generation procedure 30, the 
home authentication center generates a new key value (SSD). The home 



PW£ 18/36 * RCVD AT 2/23/2005 2:1 1 :07 AM [Eastern Standard Time] * SVR:USPTO«ff XRF-1/0 * DN1S:87M306 1 CSID:80H986§73 * DURATION (mm-ss): 1 1-34 



23-02-'05 15:19 WINSTON HSU, NO. 41526 8064986673 

CA 02314303 2000-07-21 



T-589 P17/36 U 



Mizikovsky, S.B. 23 8 

authentication center sends the RANDSSD sequence through the visiting 
authentication center and the serving base station in an update message, such as an 
SSD update message 32, to the wireless unit to update the SSD. The wireless unit 
provides the RANDSSD sequence received from the serving base station along with 
5 the A-key and the electronic serial number (ESN), which are stored at the wireless 
unit to a cryptographic function, such as an SSD key generation procedure 34. The 
SSD key generation procedure 34 generates the new SSD which is divided into SSD- 
A-NEW and SSD-B-NEW. The SSD generation procedures 30 and 34 implement the 
CAVE algorithm using a random number RANDSSD* ESN and the value A-KEY as 

to inputs. The CAVE algorithm is well known in the an as a one-way function which 
inhibits the determination of the inputs to the function given the output. 

Before accepting new SSD values to be used in authentication and encryption 
procedures, the wireless unit validates the new SSD value and thereby the home 
authentication center 16 which initiated the generation of the new SSD value. To do 

15 so, the wireless unit generates a random number RANDBS at block 36. The wireless 
unit provides RANDBS and SSD-A-NEW along with additional data, such as the 
ESN and/or an AUTH_DATA string derived from an international mobile station 
identification number (IMSI), to a cryptographic function, such as a signature 
procedure 38. The signature procedure 38 generates the validation signature value 

20 AUTHBS. The wireless unit also sends the RANDBS to the wireless 

communications system, for example as part of a base station challenge order 37. 
Using a corresponding cryptographic function, such as a signature procedure 40, the 
wireless communications system derives AUTHBS using RANDBS from the wireless 
unit, SSD-A-NEW from the SSD generation procedure 30 and the additional ^n ta, 

25 such as the ESN and/or the AUTH DATA, used by the wireless unit to derive 

AUTHBS. The wireless communications system sends the AUTHBS value generated 
by the signature procedure 40 to the wireless unit, for example in a base station 
challenge confirmation order 41 . At block 42, the wireless unit compares the 
AUTHBS value generated at the wireless unit with the AUTHBS value sent from the 
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system. If the comparison is successful, the wireless unit will set the SSD-A value to 
SSD-A-NEW and the SSD-B value to SSD-B-NEW. The wireless unit then sends an 
SSD update confirmation order 43 to the home authentication center indicating 
successful completion of the SSD update. Upon receipt of the SSD update 
5 confirmation order, the home authentication center sets SSD-A and SSD-B to the 
SSDA-NEW and SSD-B-NEW values generated by the system. 

After the SSD update procedure, the wireless communications system 
typically authenticates the wireless unit to ensure the validity of the new SSD key 
value. The wireless communications system generates a sequence, such as a random 

10 challenge RANDU, and sends the sequence RANDU to the wireless unit, for example 
in an authentication challenge message 44. Upon receipt of the authentication 
challenge message 44, the wireless unit provides at least a portion of sequence 
RANDU to a cryptographic function, for example to an authentication signature 
procedure 46 with the inputs ESN, AUTH_DATA, SSD-A and a 

15 RAND_CHALLENGE derived from RANDU and IMSL The authentication 

signature procedure 46 generates the authentication signature value AUTHU as the 
output of the CAVE algorithm using the RAND_CHALLENGE, ESN, 
AUTH DATA and SSD-A as inputs. The wireless communications system generates 
the authentication signature value AUTHU using the authentication signature 

20 procedure 48 in the same fashion. The wireless unit then transmits the value AUTHU 
calculated by the wireless unit to the wireless communications system. The wireless 
communications system compares the value AUTHU calculated by the system and 
the AUTHU value received from the wireless unit at block 50. If the values match, 
the wireless unit is authenticated* and the wireless communications system validates 

25 die new SSD value. 

The above-described SSD update and authentication of the wireless unit 
requires that wireless unit confirm the validity of the SSD update followed by the 
system performing a separate authentication of the wireless unit to ensure the validity 
of the SSD update from the perspective of the wireless unit and the wireless 
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communications system. As a result, the wireless unit must transmit the SSD 
confirmation order to confirm the SSD update before the authentication of the 
wireless unit can be initiated. After the wireless unit confirms the SSD update, the 
system performs a separate authentication requiring the system to generate additional 
5 information, such as a random challenge RANDU, and to send the random challenge 
to the wireless unit The wireless unit must then respond by sending to the system the 
authentication signature value ALJTHU derived using RANDU. 

An illustrative embodiment of the key update using bidirectional validation 
according to the principles of the present invention is described below which provides 

10 an improved key update procedure. For example* if a home authentication center 
initiates a key update, such as a shared secret (SSD) data key, because for example 
certain criteria at the home authentication center indicate that the key may be 
compromised or for any other reason (for example, to be initialized), the home 
authentication center can have an update message sent to the wireless unit According 

15 to the principles of the present invention, the wireless unit uses information (for 
example, RANDS SD and/or additional information) in the update message and an 
internally-stored secret value (for example, A-key) known only to the wireless unit 
and the home authentication center to generate the new or updated key (for example, 
SSD). After the wireless unit generates the new key value and validates the new key 

20 and thereby the home authentication center, a validation of the new key (for example, 
the SSD) is performed by the wireless communications system using at least a portion 
of information (for example, RANDSSD and/or other information) sent in the update 
message: Thus, after performing an SSD update, a separate authentication challenge 
(for example, RANDU) is not required for the system to validate the new SSD. 

25 Depending on the embodiment and/or whether the wireless unit is registering 

with a visiting or home network, portions of the key update and bidirectional 
validation system can be implemented in different portions of the wireless 
communications system, such as the serving base station, the visiting authentication 
center, the visitor location register, the home location register and/or the home 
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authentication center. Once the wireless unit has validated the new SSD value and 
the wireless communications system has validated the new SSD, the wireless unit and 
the wireless communications system can u$e the updated keys (SSD-A and SSD-B) 
for encryption and authentication. 

5 FIG. 4 shows an embodiment of the key update and bidirectional validation 

procedure between a wireless unit and the wireless communications system. The 
wireless unit and the home location register share a secret value A-key. When a key 
update, for example of a shared key (SSD), is to be performed, the home 
authentication center creates a RANDSSD sequence at block 100. The sequence 

10 RANDSSD can be a random number, a pseudo-random number winch repeats after a 
certain period or the output of an ever-increasing counter the received value of which 
cannot be less than or equal to a previously received value. The home authentication 
center accesses the home location register associated with the wireless unit using an 
identifier such as a telephone number of the wireless unit, received from or 

15 determined from information received from the wireless unit The home 

authentication center then calculates a new key value SSD by taking the output of a 
cryptographic function, such as an SSD or key generation procedure 102, using the 
sequence RANDSSD and the secret key A-key as inputs. The new value SSD can de 
divided into SSD-A-NEW and SSD-B-NEW. After the SSD update is bidirectionaUy 

20 validated, the SSD- A is used in authentication procedures and die SSD-B is used in 
key generation, for example in generating the cipher key Kc, or encryption 
procedures. As shown in FIG. 4, embodiments of the key update and bidirectional 
validation system can use additional input(s) to the key generation procedure 102, for 
example a value which is characteristic of the wireless unit or the subscription, such 

25 as the ESN and/or IMSL 

The wireless communications system sends the RANDSSD sequence to the 
wireless unit in a SSD update message 104 to create the new SSD value. The 
wireless unit generates the new value SSD (SSD-A-NEW and SSD-B-NEW) for the 
key SSD in the same fashion as the wireless communications system using the 
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RANDSSD sequence received from the system, the A-key stored in the wireless unit 
and any additional information, such as the ESN stored in the wireless unit, as inputs 
to an SSD generation procedure 106. The SSD generation procedures 102 and 106 
implement the CAVE algorithm using a random number RANDSSD, ESN and the 

5 value A-KEY as the key input. The CAVE algorithm is well known in the art as a 
one-way function. Other generation procedures can be used. 

After generating the new SSD value (SSD-A-NEW, SSD-B-NEW), the 
wireless unit authenticates the wireless communications system and thereby validates 
the new SSD value. To do so, the wireless unit generates a number or sequence 

10 RANDBS, such as a random number, at block 108 and sends RANDBS to the 

wireless communications system. The sequence RANDBS can be a pseudo-random 
number which repeats after a certain period or the output of an ever-increasing 
counter the received value of which cannot be less than or equal to a previously 
received value. The wireless unit provides RANDBS and SSD-A-NEW along with 

15 any additional data, such as the ESN and/or an AUTH_DATA string derived from an 
international mobile station identification number (IMSI), to a signature procedure 
110. The signature procedure 1 10 generates the signature value AUTHBS. On the 
wireless communications system side, a signature procedure 1 12 derives AUTHBS 
using the RANDBS sequence received from the wireless unit, SSD-A-NEW from the 

20 SSD generation procedure 102 and any additional data used by the wireless unit, such 
as ESN and/or AUTH_DATA. The system sends the AUTHBS value generated by 
the signature procedure 1 12 to the wireless unit fur-verification. At block 114, the 
wireless unit compares the AUTHBS value generated at the wireless unit with the 
AUTHBS value received from the system. If the comparison is successful, the 

23 wireless unit has validated the new SSD value and thereby the wireless 

communication system* and the wireless unit can set the SSD- A value to SSD- A- . 
NEW and the SSD-B value to SSD-B-NEW. 

The wireless communications system then validates the new SSD value. The 
sequence RANDSSD provided to the wireless unit for updating the key value SSD is 
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also used to validate the new SSD. The wireless unit uses the RANDSSD received 
from the system and the SSD-A-NEW generated at the wireless unit by the SSD 
generation procedure 106 along with any additional data, such as at least portions of 
RANDBS, ESN and/or AUTH_DATA, to provide inputs to a signature procedure 

5 116. Fox example, at least a portion of RANDSSD and at least a portion of SSD-A- 
NEW as well as any additional data, such as the ESN and AUTHJ5ATA, can be 
provided to the signature procedure 1 1 6. The wireless unit then generates a validation 
value AUTHSSD. The wireless unit sends AUTHSSD to the wireless 
communications system. On the wireless communications system side, the system 

10 provides to a corresponding signature procedure 118 inputs used by the wireless unit 
to generate AUTHSSD, for example the RANDSSD sequence, the SSD-A-NEW 
generated by the system using the SSD generation procedure 102 and any additional 
data used by the wireless unit, such as ESN and AUTH_DATA. The signature 
procedure 118 generates the validation value AUTHSSD, and the system compares at 

15 block 120 the AUTHSSD generated by the system with the AUTHSSD received from 
the wireless unit. If the comparison is successful, the system validates the updated 
key SSD, and the system sets the SSD- A value to the SSD-A-NEW value generated 
by the system and the SSD-B value to the SSD-B-NEW value generated by the 
wireless communications system* 

20 The key update and bidirectional validation procedure can be carried out: 

periodically; when the wireless communications system determines that the shared 
key SSD may be compromised based on certain criteria; when the wireless unit 
returns to the home network or a trusted visiting network; when the A-key is changed; 
what a new subscription is established to initialize the SSD value; and/or for other 

25 reasons. Additionally, depending on the embodiment, the inputs to the key generation 
procedures 102 and 106 and the signature procedures 110, 112, 116and 118 can 
include values in addition to those mentioned above or inputs derived from those and 
other values. For example, at least portions of the electronic serial number (ESN) of 
the wireless unit, die phone number (MINI) of the wireless unit and/or the IMS I of 
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the wireless unit can be used as an input(s) to the key generation and signature 
procedures 102, 106, 1 10, 1 12, 1 16 and 1 18. The key generation procedures 102 and 
106 and the signature procedures 1 10, 1 12, 116 and 1 18 can be hash functions or any 
one-way cryptographic function, such as the CAVE algorithm and/or SHA- 1 . Hash 

5 functions can be characterized as one way functions (a function for which it is not 
feasible to regenerate the inputs given the output), as functions which produce a 
many to one mapping of inputs to outputs, and/or as functions which produce outputs 
with less information than the inputs, thereby the inputs are difficult to ascertain 
given the output In such functions, the output is referred to as a signature of the 

10 input 

Depending on the embodiment, the communications for the key update and 
bidirectional validation system can take place between the wireless unit and the home 
authentication center (through the visiting authentication center if the wireless unit is 
in a visiting network). In alternative embodiments, portions of the key update and 

15 bidirectional validation system can be performed in locations other than the home 
authentication center. For example, if the home authentication center sends 
RANDSSD along with the SSD-A-NEW to the visiting authentication center to 
generate the signature value AUTHBS, the visiting authentication center could 
generate the AUTHBS sent to the wireless unit, and/or the visiting authentication 

20 center could generate AUTHSSD and compare AUTHSSD to the AUTHSSD sent by 
the wireless unit Depending on the embodiment, the inputs for the SSD generation 
and signature procedures can be communicated from different sources to the wireless 
unit, the visiting authentication center and/or the home authentication center. For 
example, if the ESN is used as an input to the signature procedure and the visiting 

25 authentication center performs the calculation of AUTHBS and AUTHSSD, the ESN 
could be transmitted to the visiting authentication center from the home 
authentication center. 

In addition to the embodiment^) described above, the key update and 
bidirectional validation system according to the principles of the present invention 
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can be used which omit and/or add input parameters to the key generation and 
signature procedures and/or use variations or portions of the described system. For 
example, the key update and bidirectional validation system is described with 
comparative reference to a cellular network using IS-95-B in which a shared key SSD 

5 is updated, but other wireless systems using different multiple access techniques, such 
as TDMA or GSM, can be used in which other information is updated according to 
the principles of the present invention. It should be understood that different 
notations, references and characterizations of the various values, inputs and 
architecture blocks can be used. For example, the functionality of the home 

10 authentication center and the visiting authentication center can be performed in 

mobile switching centers (MSCs) of a wireless communications system. It should be 
understood that the system and portions thereof and of the described architecture can 
be implemented in or integrated with processing circuitry in the wireless unit or at 
different locations of the wireless communications system, or in application specific 

l s integrated circuits, software-driven processing circuitry, firmware or other 

arrangements of discrete components as would be understood by one of ordinary skill 
in the art with the benefit of this disclosure. What has been described is merely 
illustrative of the application of the principles of the present invention. Those skilled 
in the art will readily recognize that these and various other modifications, 

20 arrangements and methods can be made to the present invention without strictly 
following the exemplary applications illustrated and described herein and without 
departing from the spirit and scope of the present invention. 
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Claims: 

1 . A method of updating a key maintained in a unit for communicating 
with a communications system, said method comprising: 

receiving a sequence; 

5 generating said key from a secret value stared in said unit at least a portion of 

said sequence; 

validating said key; 

generating a validation value using at least a portion of said sequence and at 
least a portion of said key ; and 
10 sending said validation value to said communication system for said 

communication system to validate said key. 

2. The method of claim 1 wherein said step of generating said key 
comprises: 

developing an update string comprising at least a portion of said sequence and 
15 a secret value; and 

generating said key from said string. 

3. The method of claim 1 wherein said validating said wireless 
communications system includes: 

generating a challenge sequence. 

20 4. The method of claim 3 wherein said validating includes: 

generating a signature value which is a function of at least said challenge 
sequence and at least a portion of said key; and 

comparing said signature value with a signature value received from said 

system* 
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5. The method of claim 1 wherein said generating a validation value 
including: 

developing a validation string comprising at least a portion of said sequence 
and at least a portion of said key; and 
3 generating said validation value from said validation string. 

6. A method of updating a key maintained for a unit in a communications 
system, said method comprising: 

sending an update sequence for said unit; 

sending a signature value for said unit using at least a portion of a key 
generated from a secret value stored in said communications system associated with 
said unit and at least a portion of said update sequence for said unit to validate said 
key; 

receiving a first validation value from said unit; and 
comparing said first validation value with a said second validation value 
generated using at least a portion of said update sequence and at least a portion of said 
key. 

7. The method of claim 6 including: 
generating said update sequence. 

8. The method of claim 6 including: 
20 receiving by said visiting authentication center said update sequence 

from said home authentication center, 

9. The method of claim 6 further comprising: 

generating said key as a function of at least a portion of said update sequence 
and a secret value from said update string. 



10 



t5 
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10. The method of claim 6 wherein said sending a signature value 
including; 

receiving a challenge sequence; 

developing a signature string comprising at least said challenge sequence and 
5 at least a portion of said key ; 

generating a signature value from said signature string; and 
sending said signature value to said unit. 

1 1 . The method of claim 6 further comprising; 

generating said second validation value as a function of at least a portion of 
10 said sequence and at least a portion of said key. 

12. A key update system for enabling a unit to communicate with a 
communications system, said system comprising: 

processing circuitry being configured to receive a sequence and to generate a 
key from a secret value stored in said unit and at least a portion of said sequence, said 
15 system being configured to use said key to validate said key and to generate a 

validation value using at least a portion of said sequence and at least a portion of said 
key, said processing circuitry being configured to provide said validation value to said 
system for said system to validate said key. 

13. The system of claim 12 wherein said processing circuitry is further 

20 configured to generate said key as a function of at least a portion of said sequence and 
a secret value. 

14. The system of claim 12 wherein said processing circuitry is further 
configured to generate a challenge sequence 
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1 5. The system of claim 1 4 further configured to generate a signature 
value as a function of at least said challenge sequence and at least a portion of said 
key and to compare said signature value with a signature value received from said 
system. 

5 1 6. The system of claim 12 further configured to generate said validation 

value as a function of at least a portion of said sequence and at least a portion of said 
key. 

17. A system for updating a key maintained for a unit in a communications 
system, said system comprising: 

to processing circuitry configured to provide an update sequence for said unit 

and to provide a signature value for said unit using at least a portion of a key 
generated from a secret value stored in said communications system associated with 
said unit and at least a portion of said update sequence for said unit to validate said 
communications system, said processing circuitry further configured to receive a first 

1 5 validation value from said unit and to compare said first validation value and a said 
second validation value generated using at least a portion of said update sequence and 
at least a portion of said key. 

18. The system of claim 17 wherein said processing circuitry configured to 
generate said update sequence. 

20 19, The system of claim 17 wherein said processing circuitry further 

configured to generate said key as a function of at least a portion of said update 
sequence and a secret vahie. 

20. The system of claim 17 wherein said processing circuitry further 
configured to receive a challenge sequence, to generate a signature value as a function 
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> 

of at least said challenge sequence and at least a portion of said key, and to provide 
said signature value to said wireless unit* 

2 1 - The system of claim 1 7 wherein said processing circuitry further 
configured to develop said second validation value as a function of at least a portion 
5 of said sequence and at least a portion of said key. 
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